CVE-2021-29489: Cross-site Scripting

May 5, 2021 (updated June 4, 2022)

Highcharts JS is a JavaScript charting library based on SVG. In Highcharts, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user’s browser. The vulnerability is patched As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup.

References

nvd.nist.gov/vuln/detail/CVE-2021-29489

Code Behaviors & Features

Detect and mitigate CVE-2021-29489 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →